CMMC & NIST 800-171 Compliant
Azure Virtual Desktop Enclaves for CUI
Compliance Island closes the gap between cloud and compliance
Do you or your customers need to meet NIST SP 800-171 or CMMC 2.0 Level 2 compliance requirements?
Compliance Island brings together system-specific compliance documentation, cloud VDI technology, and security into a single unified platform built on Azure and Microsoft 365.
Designed to meet the needs of Microsoft Partners, Managed Service Providers, and enterprises of all sizes, each instance of Compliance Island is deployed in the end-user organization’s Azure tenant (Azure Government & Microsoft 365 GCC-High recommended).
Ready-to-use for secure Windows + Microsoft Office 365 workloads, or extended with any Azure, Microsoft 365, or Dynamics 365 services you want to deploy, Compliance Island dramatically simplifies the compliance process, reduces scope, and enhances security.
Ready in a few days
Get compliant in a few weeks
Save up to 70% over one-off solutions
Compliance the Hard Way
Most organizations follow the gap remediation process. This multi-year, risk-prone, one-off approach to compliance leads to significantly increased short and long-term costs.
2 Yr Cumulative Cost and Timeline Gap Remediation Method
Compliance the Easy Way
With Compliance Island, you’ll meet most of your NIST 800-171 / CMMC 2.0 Level 2 (formerly CMMC Level 3) technical requirements in a few days with your own instance deployed in the Microsoft Azure GCC High cloud.
2 Yr Cumulative Cost and Timeline with Compliance Island
Estimated 2 Yr Cumulative Cost and Timeline Gap Remediation Method – 20 user system
Estimated 2 Yr Cumulative Cost and Timeline with Compliance Island – 20 user system
About Compliance Island
Who Needs Compliance Island?
MSPs supporting, and U.S. government contractors handling:
Federal Contract Information (FCI)
Controlled Unclassified Information (CUI)
Restricted CUI categories like:
Nuclear (NNPI, DCNI)
Controlled Technical Information (CTI)
Export Controlled (EXPT, NOFORN, NATO)
How Compliance Island Helps
Reduce scope, complexity, time, and cost by segmenting CUI into your own enclave
Securely access Azure Virtual Desktops in GCC High with Microsoft 365 Office Suite from your existing systems
Ready in a few days at a low, fixed cost
Includes: System Security Plan, Policy Documentation; Change, Risk, and Incident Management; Security Monitoring Solution; and more
Meet Compliance Requirements
NIST 800-171 for CUI
CMMC 2.0 Advanced Level 2 (formerly Level 3)
DoD Assessment Methodology (SPRS score)
Basic Safeguarding (FAR 52.204-21)
Satisfies NIST 800-171A Assessment Guide
NIST 800-171 Appendix E (NFO controls)
Compliance Island Overview
Compliance Island Core Services are designed to meet the rigorous demands of NIST 800-171 and CMMC 2.0 Advanced Level 2 compliance.
Add-on technologies and services allow us to meet most organizations’ needs, whether it’s for your internal use or for your customers.
Compliance Island provides you, or your customer, with individual fully compliant enclave(s) running Azure Virtual Desktop Windows PCs with the Microsoft Office 365 (E5 recommended).
To ensure compliance for all CUI category markings, including export controlled or nuclear, we recommend deploying in Microsoft GCC High and Azure Government.
Deploying in GCC or Commerical Cloud, or using Microsoft 365 E3 + EMS E5 for end-users is available upon request.
A full suite of Core Compliance Documentation is included to ensure you will quickly and cost-effectively meet requirements allowing you to confidently attest to compliance.
Depending on your internal capabilities, you can opt to purchase the Required Compliance Plans and Services from us, or use your existing capabilities.
Full compliance requires some customer participation in these Plans, as shown in the included Responsibility Matrix.
Compliance Island can be used as-is when a Windows PC with Office 365, with or without added applications software, meets the need.
Compliance Island can also serve as the foundation to a larger solution. With a strong architecture, it’s easy to add technology and capabilities built in Azure, Microsoft 365, or Dynamics 365 with much less effort needed to ensure your compliance requirements continue to be met.
Island Systems offers architecture services to help you build your solutions while meeting compliance requirements.
Professionally Architected and Documented
Compliance Island’s included System Security Plan (SSP) contains a full suite of compliance and system architecture diagrams and documentation prepared by skilled enterprise architects.
Compliance Island System Boundary
The System Boundary Diagram shows what’s in and out of scope for compliance audits.
CUI Data Flow Diagram
The Data Flow Diagram (DFD) shows where sensitive data is stored, processed, and transmitted.
Example Control Diagram
Control diagrams show the relationship between the compliance requirements, who is responsible for them, and how they’re satisfied by Compliance Island.
Compliance Island Network Architecture Overview
This high-level diagram shows the key elements of the system.
Phone: +1 301-664-4049